many parts make the whole
Office 365 has been steadily growing for many years to the point where it currently has over 200 million users. Many large and small organizations are increasingly taking advantage of cloud based services and infrastructure to reduce costs and increase availability to their users. So, when there is security issue with a major cloud based … Read More “REMOTE CODE EXECUTION in Office 365” »
Compromised updates for Solarwinds Orion are making headlines for containing malware. The updates available from March through May of this year appear to have contained a very elusive and adaptable trojan that FireEye has dubbed the SUNBURST Backdoor. FireEye has published a great write-up on the attack here along with Indications of Compromise. Please be sure to read through … Read More “SOLARWINDS ORION AND THE SUNBURST BACKDOOR” »
If you have a strong dislike for advertisements intruding on your internet experience and you like to tinker and DIY your home network, then you might likely have deployed a Pi-hole in your environment. This vulnerability does require access to the Pi-hole webui and admin credentials, but it allows for arbitrary command execution. Pi-hole versions … Read More “REMOTE CODE EXECUTION in Pi-hole CVE-2020-8816” »
At this time there are now multiple exploits available for CVE-2020-0688 which allows for Remote Code Execution on servers running a vulnerable version of Microsoft Exchange. This code is executed as SYSTEM and the CVSS score for this vulnerability is 9.0 HIGH. Authentication is required, however, due to Outlook Web Access this could be easy … Read More “Microsoft Exchange CVE-2020-0688 – MULTIPLE EXPLOITS AVAILABLE” »
One of the most popular VPN provides, NordVPN has been in the news recently for being hacked. According to NordVPN no user data was compromised and the bad actor never had access to any user traffic. A bad actor was able to acquire a TLS key for a single server in Finland. NordVPN is downplaying … Read More “NordVPN COMPROMISE” »
A security vulnerability was revealed earlier this week in the Nvidia GeForce Experience. If you are not familiar this is Nvidia’s preferred, (meaning default), method of delivering drivers to their video cards. Most gamers using Nvidia cards likely have this application installed to keep their drivers updated. It also includes the ability to take screenshots … Read More “NVIDIA GEFORCE EXPERIENCE OS COMMAND INJECTION” »
Norsk Hydro, (one of the world’s largest aluminum producers), has suffered a loss of profits due to a recent cyber attack. Additionally large US cities are struggling with ransomware. Baltimore and Atlanta have both fallen victim recently and they are not alone. These attacks were noteworthy in that they did not target the people but … Read More “NORSK HYDRO AND US CITIES AFFECTED BY RANSOMWARE” »
There is a good write up from Armin Sebastian on a vulnerability in Adblock Plus 3.2 which can allow for arbitrary code execution under certain conditions. There $rewrite filter option is the source of the problem and several conditions must be met in order for an attack to be possible. uBlock Origin is not susceptible … Read More “ADBLOCK PLUS – ARBITRARY CODE EXECUTION” »